REMARKS

In the Office Action dated February 9, 2009, claims 10-12, 14, 17 and 20-25 were 
rejected under 35 U.S.C. § 103(a) as unpatentable over U.S. Patent No. 7,020,464 (Bahl) in view 
of U.S. Patent No. 6,108,300 (Coile). 

It is respectfully submitted that the obviousness rejection of claim 10 over Bahl and Coile 
is erroneous. 

To make a determination under 35 U.S.C. § 103, several basic factual inquiries must be 
performed, including determining the scope and content of the prior art, and ascertaining the 
differences between the prior art and the claims at issue. Graham v. John Deere Co., 383 U.S. 1, 
17, 148 U.S.P.Q. 459 (1965). Moreover, as held by the U.S. Supreme Court, it is important to 
identify a reason that would have prompted a person of ordinary skill in the art to combine 
reference teachings in the manner that the claimed invention does. KSR International Co. v. 
Teleflex, Inc., 127 S. Ct. 1727, 1741, 82 U.S.P.Q.2d 1385 (2007). 

Claim 10 recites a method for maintaining secure network connections, comprising: 

• duplicating, at a third network element, a security association associated with a secure 
network connection between a first network element and a second network element, 
wherein a lookup of the security association associated with the secure network 
connection is not dependent on any destination address; and 

• in response to detecting failure of the second network element, replacing the second 
network element with the third network element in the secure network connection with 
the first network element, wherein the secure network connection between the first 
network element and the third network element is based on the duplicated security 
association. 

The Office Action cited Bahl as purportedly disclosing duplicating, at a third network 
element, a security association associated with a secure network connection between a first 
network element and a second network element. In the obviousness rejection, the Office Action 
identified the mobile host 70 or 120 of Bahl as constituting the "first network element" of claim 
1, the access point 156 of Bahl as constituting the "second network element" of claim 1, and the 
correspondent host 72 or 122 as constituting the "third network element" of claim 1. 

The problem with this mapping of elements in Bahl to the first, second and third network 
elements of claim 10 is that the secure connection of Bahl is between the mobile host and a 
correspondent host, and the security association is associated with such secure connection 
between the mobile host and the correspondent host. The access point 156 shown in Fig. 3 of 
Bahl is part of the wireless infrastructure that is used by the mobile host 120 in Fig. 3 to access 
an infrastructure network such that the mobile host 120 can communicate with the correspondent 
host 122. There is no concept of a security association between the mobile host 120 and access 
point 156. 

The discussion in Bahl is very clear that the security association described is associated 
with the secure connection between the mobile host 120 and the correspondent host 122, not 
between the mobile host 120 and the access point 156. Since there is no security association 
associated with any connection between the mobile host 120 and the access point 156, then there 
cannot possibly be any "duplicating" of a security association as recited in claim 10. In other 
words, the security association that is maintained at the correspondent host in Bahl is not a 
duplicated security association, but rather the original security association between the mobile 
host 120 and the correspondent host 122. This security association is not a duplicate of any other 
security association, particularly since there is no security association between the mobile host 
120 and the access point 156. 

This is a first point of error made in the obviousness rejection. 

The Office Action conceded that Bahl does not disclose the "replacing" element of claim 
10. Instead, the Office Action cited Coile as purportedly disclosing this claimed feature. The 
Office Action specifically cited Fig. 1 and the Abstract of Coile. Coile refers to transferring a 
network function from a primary network device to a backup network device when it is detected 
that the primary network device has failed. However, this has nothing to do with the subject 
matter of claim 10, which refers to replacing the second network element with a third network 
element in the secured network connection with the first network element, where the secure 
network connection between the first network element and the third network element is based on 
the duplicated security association. Nowhere in Coile is there any hint provided of replacing 
one network element with another network element in a secure network connection and then 
maintaining the secure network connection based on a duplicated security association. 

In view of the foregoing, even if Bahl and Coile could be hypothetically combined, the 
hypothetical combination of references would not have led to the claimed subject matter. 
Moreover, no reason existed that would have prompted a person of ordinary skill in the 
art to combine the teachings of Bahl and Coile. 

Bahl refers to a change of address of a mobile host as the mobile host moves around. 
Bahl describes how a secure connection can be maintained between the mobile host and a 
correspondent host even though the address of the mobile host has changed. This teaching of 
Bahl has nothing to do with the subject matter of claim 10, which relates to detecting failure of a 
second network element (to which the first network element has established a secure network 
connection that is associated with a security association) and replacing the second network 
element that has failed with a third network element in the secure network connection with the 
first network element. Maintaining a secure connection in response to a change of address of a 
mobile host, as taught by Bahl, has nothing to do with detecting failure of the second network 
element and replacing the second network element with a third network element in the secure 
network connection with the first network element, as recited in claim 10. Moreover, Coile 
provides absolutely no hint whatsoever that its failover mechanism would maintain a secure 
network connection that is based on a duplicated security association. In view of the foregoing, 
it is clear that a person of ordinary skill in the art would have found no reason to combine the 
teachings of Bahl and Coile to achieve the claimed invention. 

Therefore, it is respectfully submitted that the obviousness rejection of claim 10 is in 
error. 

Independent claim 12 recites a method for maintaining secure network connections, 
comprising: 

• configuring a plurality of security gateways such that a lookup of security 
associations is not dependent on any destination address; and 

• sharing a security association among the plurality of security gateways. 

Claim 12 recites sharing a security association among a plurality of security gateways. 
The Office Action cited security associations 84 and 86 and the IPsec/ISAKMP security 
associations of Bahl as being shared among a plurality of security gateways (which the Office 
Action equated to correspondent hosts (or servers 112a and 112b disclosed in Coile)). The 
security association 84 of Bahl resides in the correspondent host 72, while the security 
association 86 resides in the mobile host 70. Similarly, the ISAKMP security association 142 in 
Fig. 3 of Bahl resides in the mobile host 120, while the ISAKMP security association 146 resides 
in the correspondent host 122. In each of Fig. 2 and 3 of Bahl, a secure connection associated 
with a particular security association is maintained between a mobile host and a correspondent 
host. There is absolutely nothing in Bahl that would even remotely hint at sharing a security 
association at multiple security gateways. In other words, different security associations in a 
correspondent host in Bahl would correspond to different secure connections with different 
mobile hosts. Therefore, there would be no sharing of a security association among a plurality of 
security gateways. 

Coile also makes absolutely no mention of sharing a security association among a 
plurality of security gateways. 

Therefore, even if Bahl and Coile could be hypothetically combined, the hypothetical 
combination of the references would not have led to the claimed subject matter. Moreover, a 
person of ordinary skill in the art would not have been prompted to combine the teachings of 
Bahl and Coile to achieve the subject matter of claim 12, since the concept of sharing a security 
association among a plurality of security gateways does not exist in Bahl or Coile. 

The obviousness rejection of claim 12 is therefore also defective. 

Independent claim 22 recites a first security server comprising: 

• a transceiver to receive information relating to at least one security association of a secure 
network connection between a mobile client and a second security server; and 

• a processor module to: 

■ monitor operation of the second security server; 

■ in response to detecting failure of the second security server, send a message to 
the mobile client that the first security server is taking over the secure network 
connection; and 

■ communicate with the mobile client using the at least one security association 
over the secure network connection between the first security server and the 
mobile client. 

For reasons similar to those stated above with respect to claim 10, it is respectfully 
submitted that claim 22 is also non-obvious over Bahl and Coile. 

Dependent claims are allowable for at least the same reasons as corresponding 
independent claims. 
Allowance of all claims is respectfully requested. The Commissioner is authorized to 
charge any additional fees and/or credit any overpayment to Deposit Account No. 14-1315 
(NRT.0124US). 

Respectfully submitted, 



Date: May 11, 2009 /Dan C. Hu/ 

Dan C. Hu 

Registration No. 40,025 
TROP, PRUNER & HU, P.C. 
1616 South Voss Road, Suite 750 
Houston, TX 77057-2631 
Telephone: (713)468-8880 
Facsimile: (713)468-8883 






